Additional system programming steps for SecurID
After you perform the RACF® administration tasks, you must perform additional system programming tasks to allocate data sets, copy the sdconf.rec file, and define
SecurID parameters.
Allocate SDCONF.REC data set
Allocate the SDCONF.REC data set.
Allocate node secret data set
You must allocate the node secret data set. The RSA node secret is a shared secret known to IBM MFA and the RSA Authentication Manager.
Copy sdconf.rec to SDCONF.REC data set
The sdconf.rec file is the configuration file for connecting to the RSA Authentication Manager. Obtain the sdconf.rec file from the RSA Authentication Manager (or the RSA Authentication Manager administrator.) Copy the file into the SDCONF.REC data set you allocated. Make sure all file transfers are executed in binary mode.
Optionally, create SDOPTS.REC file
In some environments, it might be necessary to use an SDOPTS.REC file to ensure that the AZFSIDP1 plug-in can correctly communicate with RSA Authentication Manager.
Configure SecurID parameters
Execute AZFEXEC to configure the SecurID parameters.
Start the IBM MFA services started task
The IBM MFA services started task supports authentication of users and validation of tags specified in the RACF ALTUSER command at runtime.
Configure IBM MFA Compound In-Band
Configure IBM MFA Compound In-Band authentication only if you require the user to authenticate in-band with a combination of a SecurID token, and a passphrase or password.